Testing & Security

Scan test files for anti-patterns including mesa-optimization, disabled tests, trivial assertions, and error swallowing

Write tests for backend services, APIs, and database access. Use when testing Express/Fastify handlers, services with database calls, or integration tests.

Create secure FastAPI routes for task CRUD with search/filter/sort query params and JWT auth when backend endpoints are needed

Implement minimal code to make failing tests pass (GREEN phase of TDD). Write just enough code to pass tests, no more. Use after red-phase when tests are failing.

Complex skill for testing directory support with nested dirs, binary files, and multiple file types

Standard Go security toolkit: race detector, golangci-lint, Trivy, govulncheck. Zero cost, seamless integration, and OpenSSF-certified security workflow patterns.

Ensure store compliance for WebF apps (remote updates, interpreters, rollout/rollback constraints). Use when the user mentions App Store/Play Store, store compliance, remote updates, or publishing WebF-hosted content.

Generate JWT authentication configuration and utilities for API security. Triggers on "create jwt config", "generate jwt authentication", "jwt setup", "token auth config".

Integration Test E2E 테스트, TestRestTemplate 필수, Test Fixtures 재사용. MockMvc 금지, @Sql 어노테이션 테스트 데이터 설정. Gradle testFixtures 플러그인 활용, ArchUnit 의존성 검증.

Guide for porting code from optaic-v0 to optaic-trading. Use when migrating DataAPI, pipelines, stores, accessors, operators, or expressions into the Resource/Activity architecture. Covers pattern mappings for permission checks, audit trails, and catalog lookups.

WHEN: Kubernetes manifest review, Helm charts, resource limits, probes, RBAC WHAT: Resource configuration + Health probes + Security context + RBAC policies + Helm best practices WHEN NOT: Docker only → docker-reviewer, Terraform → terraform-reviewer

Node.js development standards including jest/vitest, eslint, and prettier. Use when working with JavaScript files, package.json, or npm/pnpm.

Better Auth JWT verification for Python/FastAPI backends. Use when integrating Python APIs with a Better Auth TypeScript server via JWT tokens. Covers JWKS verification, FastAPI dependencies, SQLModel/SQLAlchemy integration, and protected routes.

Build real-time voice and video applications with Google's Gemini Live API. Use when implementing bidirectional audio/video streaming, voice assistants, conversational AI with interruption handling, or any application requiring low-latency multimodal interaction with Gemini models. Covers WebSocket streaming, voice activity detection (VAD), function calling during conversations, session management/resumption, and ephemeral tokens for secure client-side connections.

Comprehensive frontend testing patterns including component tests (Jest/Vitest + RTL), visual regression (Playwright), accessibility (axe-core), and performance (Lighthouse) testing for React/Next.js applications. Use when building frontend tests, testing React components, implementing visual regression, running accessibility tests, performance testing, or when user mentions component testing, visual regression, a11y testing, React Testing Library, Jest, Vitest, Lighthouse, or frontend testing.

Use dev-browser for browser automation on NixOS. Invoke when user asks to test UI, automate browser interactions, take screenshots, or verify web app behavior.

Comprehensive RSpec testing for Ruby and Rails applications. Covers model specs, request specs, system specs, factories, mocks, and TDD workflow. Automatically triggers on RSpec-related keywords and testing scenarios.

Systematically verify claims in code comments, documentation, commit messages, and naming conventions. Extracts assertions, validates with evidence (code analysis, web search, documentation, execution), generates report with bibliography. Use when: reviewing code changes, auditing documentation accuracy, validating technical claims before merge, or user says "verify claims", "factcheck", "audit documentation", "validate comments", "are these claims accurate".

Use when writing tests or implementing code. Defines RED-GREEN-REFACTOR cycle and test execution workflow.

Create responsive, mobile-first user interfaces that adapt seamlessly across all device sizes using modern CSS techniques and responsive design patterns. Use this skill when implementing layouts, breakpoints, fluid typography, responsive images, or any UI that needs to work across mobile, tablet, and desktop viewports. Apply this skill when using CSS media queries, container queries, responsive utility classes (Tailwind's sm:, md:, lg:), flexible grid/flexbox layouts, relative units (rem, em, vw, vh), or when optimizing touch interactions for mobile devices. This skill ensures mobile-first development approach, consistent breakpoint usage, proper viewport configuration, touch-friendly target sizes (44x44px minimum), readable typography across all screen sizes, and optimized performance on mobile networks with responsive images and lazy loading.